EDU-262: Palo Alto Networks: Cortex XDR 3.0: Investigation and Response (EDU-262)
About this Course
Audience Profile
- Cybersecurity analysts and engineers
- Security operations specialists
At Course Completion
Successful completion of this instructor-led course with hands-on lab activities should enable the students to:
- Investigate and manage incidents
- Describe the Cortex XDR causality and analytics concepts
- Analyze alerts using the Causality and Timeline Views
- Work with Cortex XDR Pro actions such as remote script execution
- Create and manage on-demand and scheduled search queries in the Query Center
- Create and manage Cortex XDR BIOC and IOC rules
- Work with Cortex XDR assets and inventories
- Write XQL queries to search datasets and visualize the result sets
- Work with Cortex XDR’s external-data collection
Outline
- 1 - Cortex XDR Incidents
- 2 - Causality and Analytics Concepts
- 3 - Causality Analysis of Alerts
- 4 - Advanced Response Actions
- 5 - Building Search Queries
- 6 - Building XDR Rules
- 7 - Cortex XDR Assets
- 8 - Introduction to XQL
- 9 - External Data Collection
Prerequisites
Participants must have completed the Cortex XDR: Prevention and Deployment (EDU-260) course.